Mastering the art of attacking and defending a Kubernetes cluster

Wednesday 27 November, 11:20 am - 12:00 pm

Speakers

Sanjeev Mahajan

Principal Security Engineer
SYBER Services

Synopsis

As organisations embrace cloud-native and containerised workloads, Kubernetes (K8s) has emerged as the de facto standard for container orchestration. Additionally, multiple organisations are under the misconception that the security of K8s clusters falls within the remit of cloud service providers. This misconception leads them to believe that offensive security testing of clusters is either not required or a low-priority exercise. As a result, organisations are not fully aware of the business value and significance of engaging in offensive security testing for K8s clusters.

In my investigation, it was observed that there is an underestimation regarding the potential risks associated with misconfigurations in K8s clusters and integrated components within the cloud-native stack.

I will share why organisations need to conduct offensive security assessments on K8s clusters, along with attack chains reflecting real-world techniques for infiltrating and exploiting a K8s cluster. The audience will acquire knowledge on how to attack a K8s cluster and learn about key security controls that enhance the security posture of a K8s cluster using a defense-in-depth methodology.

Acknowledgement of Country

We acknowledge the traditional owners and custodians of country throughout Australia and acknowledge their continuing connection to land, waters and community. We pay our respects to the people, the cultures and the elders past, present and emerging.
